salt/ansible
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Decom the K8s cluster, roll all its jobs into one singular machine

Browse Source
This commit is contained in:
Salt 2021-09-13 13:50:22 -05:00
parent a1d5e94a2e
commit 3f3c7b8392
17 changed files with 181 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitlab-ci.yml
View File

@ -64,10 +64,10 @@ Test:
- if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
- if [ -n "$error" ]; then echo "Return code $error"; false; fi - if [ -n "$error" ]; then echo "Return code $error"; false; fi
Play_Against_PiK8S: Play_Against_Pis:
stage: play stage: play
script: script:
- ansible-playbook -l device_roles_pik8s-master,device_roles_pik8s-node,device_roles_pik8s-storage site.yml --vault-password-file /vaultpw || error="$?" - ansible-playbook -l manufacturers_raspi site.yml --vault-password-file /vaultpw || error="$?"
- if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
- if [ -n "$error" ]; then echo "Return code $error"; false; fi - if [ -n "$error" ]; then echo "Return code $error"; false; fi
Play_Against_Desktops: Play_Against_Desktops:

23
inventory/group_vars/all.yml
View File

@ -260,6 +260,29 @@ secret_snmp_rouser_privacy_passphrase: !vault |
3764363538636232630a383730323433343239663461373030383132626532306130363965316661 3764363538636232630a383730323433343239663461373030383132626532306130363965316661
64353932376139613765303764313463353366663535653135393637633835353566 64353932376139613765303764313463353366663535653135393637633835353566
# For home media stuff
secret_transmission_user_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
63386231316662313039646435323861343762386135616437613530653932363333353130333232
3161383737386631336362313139316433656337396538330a656663336338613533393032663433
33346663613731656236666561303530613961363733336261363130646639326361356134386332
6335336139346331300a643962653936323135666463343865393162346637616263373636383534
39663833613135383761643661373163383138316534333264633835613965616135
secret_pia_user: !vault |
$ANSIBLE_VAULT;1.1;AES256
38343633366234633430356364633634653433633963393332303439613966353438663066633465
3333333237306430346633336565613932396564353032660a373462333736343062626135316239
65306462643563323565386331373930326231353866626336643533663136353238626663373566
3763303637633838660a353362303966633931356538616636363438623165303536663535383764
6337
secret_pia_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
31333661636562386633396130383630383332303662613739393339373134326330373137656531
3934636662663265303137346163326461306461356138340a323662313130653539633338303035
62313265633338356436393033353438666634363536613266346139666364613238396338363731
6633666366353538300a613965633766653332613465326137396562313230343161346162343762
37643164663466343166346534303932613763643965623066353336363238643266
# For Steam games # For Steam games
steam_username: !vault | steam_username: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256

2
inventory/group_vars/device_roles_pik8s-master.yml
View File

@ -1,2 +0,0 @@
# vim:ft=ansible
kubernetes_role: master

2
inventory/group_vars/device_roles_pik8s-node.yml
View File

@ -1,2 +0,0 @@
# vim:ft=ansible
kubernetes_role: node

3
inventory/host_vars/pi-kub-node-1.desu.ltd.yml
View File

@ -1,3 +0,0 @@
# vim:ft=ansible
keepalived_state: MASTER
keepalived_priority: 50

2
inventory/host_vars/pi-kub-node-2.desu.ltd.yml
View File

@ -1,2 +0,0 @@
# vim:ft=ansible
keepalived_priority: 49

2
inventory/host_vars/pi-kub-node-3.desu.ltd.yml
View File

@ -1,2 +0,0 @@
# vim:ft=ansible
keepalived_priority: 48

2
inventory/host_vars/pi-kub-node-4.desu.ltd.yml
View File

@ -1,2 +0,0 @@
# vim:ft=ansible
keepalived_priority: 47

2
inventory/host_vars/pi-kub-node-5.desu.ltd.yml
View File

@ -1,2 +0,0 @@
# vim:ft=ansible
keepalived_priority: 46

59
playbooks/device_roles_pik8s.yml
View File

@ -1,59 +0,0 @@
#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
---
# k8s
- hosts: device_roles_pik8s-master,device_roles_pik8s-node
gather_facts: no
roles:
- role: k8s
tags: [ k8s, skip-pull ]
- role: backup
vars:
backup_s3backup_list_extra:
- /etc/kubernetes
tags: [ k8s, backup ]
- hosts: device_roles_pik8s-master
gather_facts: no
tasks:
- name: install openshift
pip: name=openshift state=latest
tags: [ k8s, packages, pip ]
- hosts: device_roles_pik8s-node
gather_facts: no
roles:
- role: keepalived
vars:
keepalived_stanzas:
- name: VI_1
state: "{{ keepalived_state | default('BACKUP') }}"
interface: eth0
virtual_router_id: 51
priority: "{{ keepalived_priority }}"
advert_int: 1
auth_pass: "{{ secret_keepalived_pass }}"
vip: "192.168.102.200/16"
- name: VI_2
state: "{{ keepalived_state | default('BACKUP') }}"
interface: eth0
virtual_router_id: 52
priority: "{{ keepalived_priority }}"
advert_int: 1
auth_pass: "{{ secret_keepalived_pass }}"
vip: "192.168.102.201/16"
- name: VI_3
state: "{{ keepalived_state | default('BACKUP') }}"
interface: eth0
virtual_router_id: 53
priority: "{{ keepalived_priority }}"
advert_int: 1
auth_pass: "{{ secret_keepalived_pass }}"
vip: "192.168.102.202/16"
- name: VI_4
state: "{{ keepalived_state | default('BACKUP') }}"
interface: eth0
virtual_router_id: 54
priority: "{{ keepalived_priority }}"
advert_int: 1
auth_pass: "{{ secret_keepalived_pass }}"
vip: "192.168.102.240/16"
tags: [ k8s, keepalived ]

87
playbooks/device_roles_pik8s-storage.yml → playbooks/home_media.yml
View File

@ -1,19 +1,20 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
# vim:ft=ansible: # vim:ft=ansible:
--- ---
# Mass storage Pis # Home media storage Pi
- hosts: device_roles_pik8s-storage - hosts: pi-media-1.desu.ltd
module_defaults:
docker_container:
state: started
restart_policy: unless-stopped
pull: yes
tasks: tasks:
# The specific mount here is because each storage node as an M.2 SSD hooked up to it
# So we mount that and use the SD card for normal OS shenanigans
- name: assure mount directory - name: assure mount directory
file: path=/data state=directory mode=0755 file: path=/data state=directory mode=0755
tags: [ pis, storage ] tags: [ pis, storage ]
- name: assure mount - name: assure mount
mount: path=/data src=LABEL=mass state=mounted fstype=ext4 mount: path=/data src=LABEL=mass state=mounted fstype=ext4
tags: [ pis, storage ] tags: [ pis, storage ]
- hosts: pi-storage-1.desu.ltd
tasks:
- name: assure directories in mount - name: assure directories in mount
file: path=/data/{{ item }} state=directory mode=0755 file: path=/data/{{ item }} state=directory mode=0755
with_items: with_items:
@ -26,15 +27,79 @@
- { path: /var/lib/postgresql, src: postgresql } - { path: /var/lib/postgresql, src: postgresql }
- { path: /srv/nfs, src: nfs } - { path: /srv/nfs, src: nfs }
tags: [ pis, storage ] tags: [ pis, storage ]
- name: ensure docker network
docker_network: name=web
tags: [ docker ]
- name: ensure docker nginx config
copy:
dest: /data/nginx/conf.d/vhosts.conf
mode: "0644"
content: |
server {
listen 80 default_server;
server_name transmission.local.desu.ltd;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://transmission:9091;
}
}
server {
listen 80;
server_name jackett.local.desu.ltd;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://jackett:9117;
}
}
server {
listen 80;
server_name sonarr.local.desu.ltd;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://sonarr:8989;
}
}
server {
listen 80;
server_name radarr.local.desu.ltd;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://radarr:7878;
}
}
tags: [ docker, ingress ]
- name: include tasks for apps
include_tasks: tasks/app/{{ task }}
with_items:
- redis.yml
loop_control:
loop_var: task
tags: [ always ]
- name: include tasks for web services
include_tasks: tasks/web/{{ task }}
with_items:
- transmission.yml
- jackett.yml
- sonarr.yml
- radarr.yml
- ingress-insecure.yml
loop_control:
loop_var: task
tags: [ always ]
roles: roles:
- role: backup - role: backup
vars: vars:
backup_s3backup_list_extra: backup_s3backup_list_extra:
- /srv/nfs/k8s/default/web-9iron-pvc - /data/transmisson
- /srv/nfs/k8s/default/web-grafana-pvc - /data/jackett
- /srv/nfs/k8s/default/web-jackett-config-pvc - /data/sonarr
- /srv/nfs/k8s/default/web-netbox-pvc
- /srv/nfs/k8s/default/web-transmission-config-pvc
backup_time: "Mon *-*-* 02:00:00" backup_time: "Mon *-*-* 02:00:00"
tags: [ backup ] tags: [ backup ]
- role: postgresql - role: postgresql

13
playbooks/tasks/web/ingress-insecure.yml Normal file
View File

@ -0,0 +1,13 @@
# vim:ft=ansible:
- name: docker deploy nginx proxy
docker_container:
name: ingress
image: nginx:latest
networks:
- name: web
aliases: [ "ingress" ]
ports:
- "80:80"
volumes:
- /data/nginx/conf.d:/etc/nginx/conf.d
tags: [ docker, ingress ]

13
playbooks/tasks/web/jackett.yml Normal file
View File

@ -0,0 +1,13 @@
# vim:ft=ansible:
- name: docker deploy jackett
docker_container:
name: jackett
image: linuxserver/jackett:latest
env:
AUTO_UPDATE: "false"
networks:
- name: web
aliases: [ "jackett" ]
volumes:
- /data/jackett/config:/config
tags: [ docker, jackett ]

13
playbooks/tasks/web/radarr.yml Normal file
View File

@ -0,0 +1,13 @@
# vim:ft=ansible:
- name: docker deploy radarr
docker_container:
name: radarr
image: linuxserver/radarr:latest
networks:
- name: web
aliases: [ "radarr" ]
volumes:
- /data/radarr/config:/config
- /data/shared/downloads:/data
- /data/shared/media:/tv
tags: [ docker, radarr ]

13
playbooks/tasks/web/sonarr.yml Normal file
View File

@ -0,0 +1,13 @@
# vim:ft=ansible:
- name: docker deploy sonarr
docker_container:
name: sonarr
image: linuxserver/sonarr:latest
networks:
- name: web
aliases: [ "sonarr" ]
volumes:
- /data/sonarr/config:/config
- /data/shared/downloads:/data
- /data/shared/media:/tv
tags: [ docker, sonarr ]

26
playbooks/tasks/web/transmission.yml Normal file
View File

@ -0,0 +1,26 @@
# vim:ft=ansible:
- name: docker deploy transmission
docker_container:
name: transmission
image: haugene/transmission-openvpn:latest
env:
USER: transmission
PASS: "{{ secret_transmission_user_pass }}"
OPENVPN_PROVIDER: PIA
OPENVPN_CONFIG: france
OPENVPN_USERNAME: "{{ secret_pia_user }}"
OPENVPN_PASSWORD: "{{ secret_pia_pass }}"
LOCAL_NETWORK: 192.168.0.0/16
capabilities:
- NET_ADMIN
ports:
- 51413:51413/tcp
- 51413:51413/udp
networks:
- name: web
aliases: [ "transmission" ]
volumes:
- /data/transmission/config:/config
- /data/shared/downloads:/data
- /data/transmission/watch:/watch
tags: [ docker, transmission ]

6
site.yml
View File

@ -10,10 +10,8 @@
- import_playbook: playbooks/tags_zerotier.yml - import_playbook: playbooks/tags_zerotier.yml
- import_playbook: playbooks/tags_snmp.yml - import_playbook: playbooks/tags_snmp.yml
- import_playbook: playbooks/tags_nagios.yml - import_playbook: playbooks/tags_nagios.yml
# Device roles # Home configuration
- import_playbook: playbooks/device_roles_pik8s-storage.yml - import_playbook: playbooks/home_media.yml
- import_playbook: playbooks/device_roles_pik8s.yml
- import_playbook: playbooks/device_roles_workstation.yml
# Production configuration # Production configuration
- import_playbook: playbooks/prod_db.yml - import_playbook: playbooks/prod_db.yml
- import_playbook: playbooks/prod_web.yml - import_playbook: playbooks/prod_web.yml